Indonesian crypto exchange Indodax suffered a loss of approximately $22 million in various cryptocurrencies and has since disabled its mobile and web applications to investigate the breach.

On Sept. 11, multiple blockchain investigation firms, including PeckShield, Cyvers and SlowMist, raised alerts about an attack on Indodax’s hot wallets. The hacker stole large amounts of Bitcoin (BTC), Tron (TRX), Ether (ETH), Polygon (POL) and Shiba Inu (SHIB), among other tokens.

Source: SlowMist

SlowMist’s independent investigation suggested a breach in Indodax’s withdrawal system, which allowed the hacker to withdraw funds from the exchange’s hot wallet.

The hacker stole over $1.42 million in Bitcoin, $2.4 million in Tron blockchain tokens, over $14.6 million in various ERC-20 tokens, $2.58 million in POL and $0.9 million in ETH from the Optimism blockchain.

Indodax shuts all operations to investigate $22M hack

Shortly after the breach alerts, Indodax acknowledged the hack and informed users about a temporary shutdown of services. The company said in a statement:

“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”

However, the crypto exchange reassured investors about the safety of their crypto assets.

The Indodax website was made inaccessible to users amid a $22 million hack investigation. Source: Indodax

Yosi Hammer, the head of AI at Cyvers, suspects the involvement of North Korea’s infamous cryptocurrency hackers, the Lazarus group. He told BSCN:

“The pattern and the characteristics of the (Indodax) attack highly resemble those of North Korea’s Lazarus Group.”

According to CoinMarketCap data, Indodax has a reserve balance of $369 million, part of which could be repurposed to recoup investors’ losses.

Financial reserves of Indodax after $22 million hack. Source: CoinMarketCap

North Korean hackers increasingly target the crypto community

The largest hack in July, in which crypto exchange WazirX lost $235 million, was also attributed to North Korea’s Lazarus group.

While Web3 security firm Cyvers initially flagged the attack, blockchain forensics firm Elliptic told Cointelegraph that specific patterns and techniques in the WazirX attack led them to believe North Korean hackers were behind the incident.

In addition to Elliptic, cryptocurrency investigator ZachXBT reached a similar conclusion.